<map version="0.9.0">
<!-- To view this file, download free mind mapping software FreeMind from http://freemind.sourceforge.net -->
<node CREATED="1304050236560" ID="Freemind_Link_708997326" MODIFIED="1304050249123" TEXT="Protocol">
<node CREATED="1304050293815" ID="_" MODIFIED="1304193682395" POSITION="right" TEXT="RFC822 message">
<node CREATED="1304055988589" ID="Freemind_Link_109102947" MODIFIED="1304149227283" TEXT="needs Destination Mailbox"/>
<node CREATED="1304050332184" ID="Freemind_Link_1935537411" MODIFIED="1304149288352" TEXT="needs to be formatted (s/mime or raw)">
<node CREATED="1304067477344" ID="ID_883890040" MODIFIED="1304149314337" TEXT="S/MIME format">
<node CREATED="1304149370853" ID="ID_911725584" MODIFIED="1304149500875" TEXT="Certificate provided as S/MIME signature certificate"/>
<node CREATED="1304067494215" ID="ID_1399781636" MODIFIED="1304068267892" TEXT="backward-compatibility"/>
<node CREATED="1304067538072" ID="ID_392119969" MODIFIED="1304149741524" TEXT="will unavoidably and constantly cause alarm in recipient&apos;s current client"/>
<node CREATED="1304067599741" ID="ID_1409985710" MODIFIED="1304067612135" TEXT="will send message down certificate parser path">
<node CREATED="1304068300481" ID="ID_486244451" MODIFIED="1304149481560" TEXT="want to encourage this"/>
</node>
<node CREATED="1304148943306" ID="ID_1936078984" MODIFIED="1304149067365" TEXT="Could include the bundlecert as the certificate, with an almost-empty body"/>
<node CREATED="1304149768376" ID="ID_514492549" MODIFIED="1304149818401" TEXT="Requires throwaway keypair to be used outside bundlecert creation"/>
</node>
<node CREATED="1304068327599" ID="ID_1687904605" MODIFIED="1304149331428" TEXT="MIME attachment">
<node CREATED="1304068397333" ID="ID_1838720658" MODIFIED="1304106176449" TEXT="would reduce SMTP to bulk transport"/>
<node CREATED="1304106187031" ID="ID_1334149868" MODIFIED="1304106189058" TEXT="would be easier"/>
<node CREATED="1304149526448" ID="ID_1772106218" MODIFIED="1304149532419" TEXT="much simpler"/>
<node CREATED="1304149534988" ID="ID_1824840046" MODIFIED="1304149596839" TEXT="allows for MIME type to be communicated for automated processing"/>
<node CREATED="1304149632877" ID="ID_261924580" MODIFIED="1304149645488" TEXT="allows users to use current mail readers"/>
<node CREATED="1304068436230" ID="ID_1507077285" MODIFIED="1304149688551" TEXT="would speed acceptance"/>
</node>
</node>
<node CREATED="1304193530503" ID="ID_689261149" MODIFIED="1304193575566" TEXT="message content almost worthless"/>
<node CREATED="1304050928960" ID="Freemind_Link_1317734269" MODIFIED="1304193585958" TEXT="message attachment">
<node CREATED="1304149080776" ID="ID_247830829" MODIFIED="1304149103720" TEXT="bundlecert">
<node CREATED="1304055110924" ID="Freemind_Link_1953480407" MODIFIED="1304055119631" TEXT="Subject Key">
<node COLOR="#990000" CREATED="1304055121113" ID="Freemind_Link_1868403518" MODIFIED="1304148529374" TEXT="Throwaway public key (nonce)"/>
</node>
<node COLOR="#669900" CREATED="1304052887500" FOLDED="true" ID="Freemind_Link_761004874" MODIFIED="1304193637205" TEXT="Extension: Symmetric Encrypted A block">
<font NAME="SansSerif" SIZE="12"/>
<node CREATED="1304055224466" ID="Freemind_Link_902863818" MODIFIED="1304055268945" TEXT="Symmetric encrypted B block">
<node CREATED="1304051307767" ID="Freemind_Link_6019573" MODIFIED="1304069673485" TEXT="Unencrypted Content block (C block)">
<node CREATED="1304051576953" ID="Freemind_Link_179726164" MODIFIED="1304051580907" TEXT="RFC822 Message"/>
<node COLOR="#990000" CREATED="1304050944775" ID="Freemind_Link_271612665" MODIFIED="1304148533339" TEXT="Throwaway public key (nonce)"/>
<node COLOR="#338800" CREATED="1304051622161" ID="Freemind_Link_1269755886" MODIFIED="1304068478333" TEXT="Identity CA Signed Key">
<node CREATED="1304051915600" ID="Freemind_Link_1733970539" MODIFIED="1304051924067" TEXT="Key generated by user"/>
<node CREATED="1304051924581" ID="Freemind_Link_1062450765" MODIFIED="1304054367407" TEXT="Signature by Identity CA"/>
<node CREATED="1304051980258" ID="Freemind_Link_1313874545" MODIFIED="1304148825721" TEXT="Asserts that the enrolled keyholder has proven that it can claim the certified identity"/>
</node>
<node CREATED="1304052405956" ID="Freemind_Link_1416713930" MODIFIED="1304068479582" TEXT="OCSP Response">
<node CREATED="1304052413963" ID="Freemind_Link_1437809400" MODIFIED="1304068496427" TEXT="obtained by originating user">
<node CREATED="1304052430769" ID="Freemind_Link_849258216" MODIFIED="1304052439673" TEXT="for Identity CA Signed key"/>
</node>
</node>
</node>
<node COLOR="#338800" CREATED="1304054260713" ID="Freemind_Link_1451667216" MODIFIED="1304069762053" TEXT="signature over C block by Identity CA signed key"/>
<node COLOR="#990000" CREATED="1304054247879" ID="Freemind_Link_1863717633" MODIFIED="1304148514007" TEXT="signature over block by throwaway (nonce) private key"/>
</node>
<node COLOR="#ff0000" CREATED="1304055248377" ID="Freemind_Link_1632760982" MODIFIED="1304148629873" TEXT="To-Recipient encrypted Symmetric key B"/>
<node CREATED="1304052912496" ID="Freemind_Link_1124119001" MODIFIED="1304052923580" TEXT="Copyright license">
<node CREATED="1304067934658" ID="ID_487558807" MODIFIED="1304148246268" TEXT="DMCA">
<node CREATED="1304148254748" ID="ID_1904482267" MODIFIED="1304148257506" TEXT="rationale">
<node CREATED="1304068019720" ID="ID_607406417" MODIFIED="1304068059976" TEXT="was req&apos;d for international treaty"/>
<node CREATED="1304069924473" ID="ID_1831293430" MODIFIED="1304069927276" TEXT="US is not going to break it"/>
<node CREATED="1304069937497" ID="ID_1768497950" MODIFIED="1304148306976" TEXT="even if it failed, classic copyright still applies"/>
</node>
<node CREATED="1304148269395" ID="ID_373152679" MODIFIED="1304148319553" TEXT="Mode of action">
<node CREATED="1304148321311" ID="ID_1193968999" MODIFIED="1304148373847" TEXT="Encryption, in form of DVD&apos;s CSS and equivalent"/>
<node CREATED="1304148389060" ID="ID_567612058" MODIFIED="1304148413122" TEXT="technological protection measure">
<node CREATED="1304148417449" ID="ID_1553738246" MODIFIED="1304148464119" TEXT="Encrypted system"/>
</node>
</node>
</node>
<node CREATED="1304067971575" ID="ID_1914761531" MODIFIED="1304068077000" TEXT="copyright (classic)">
<node CREATED="1304068082030" ID="ID_653221548" MODIFIED="1304068102843" TEXT="applies the moment information is placed in a tangible form"/>
<node CREATED="1304068107202" ID="ID_163939742" MODIFIED="1304068146233" TEXT="provides for the right to restrict derived works">
<node CREATED="1304068194908" ID="ID_349865867" MODIFIED="1304068211537" TEXT="decryption is deriving plaintext from ciphertext"/>
</node>
</node>
</node>
</node>
<node CREATED="1304053586755" ID="Freemind_Link_1083344804" MODIFIED="1304193695098" TEXT="Extension: To-Recipient encrypted Symmetric key A">
<node CREATED="1304067705066" ID="ID_603117855" MODIFIED="1304067861290" TEXT="multiple recipients permitted in same structure"/>
<node CREATED="1304067862653" ID="ID_150531724" MODIFIED="1304067880272" TEXT="One such is &quot;the user&apos;s set of recovery keys&quot;"/>
</node>
</node>
</node>
</node>
<node CREATED="1304050347121" ID="Freemind_Link_1010252719" MODIFIED="1304155892220" POSITION="left" TEXT="Bundle onReceipt Processing">
<node CREATED="1304104915805" ID="ID_1289173487" MODIFIED="1304105198667" TEXT="X.509 Processing">
<node CREATED="1304104930052" ID="ID_502862358" MODIFIED="1304104937725" TEXT="ASN.1 parsing"/>
<node COLOR="#338800" CREATED="1304104942631" ID="ID_131662046" MODIFIED="1304155962947" TEXT="SubjectPublicKeyInfo (nonce/throwaway)"/>
<node COLOR="#999900" CREATED="1304104956085" ID="ID_1195756788" MODIFIED="1304156761052" TEXT="Extension: A block"/>
<node CREATED="1304104975602" ID="ID_1310081526" MODIFIED="1304104986517" TEXT="Extension: A block keys"/>
<node COLOR="#338800" CREATED="1304105132990" ID="ID_119428338" MODIFIED="1304155972579" TEXT="Verify self-signature over X.509 structure">
<node CREATED="1304105686154" ID="ID_937009084" MODIFIED="1304105696178" TEXT="According to sig algorithm rules"/>
</node>
</node>
<node COLOR="#999900" CREATED="1304105203728" ID="ID_1324197011" MODIFIED="1304156285118" TEXT="Open outer box (A block)">
<node CREATED="1304105216450" ID="ID_1771399793" MODIFIED="1304105234084" TEXT="decrypt A block key"/>
<node CREATED="1304105249506" ID="ID_1130861645" MODIFIED="1304105266170" TEXT="decrypt A block"/>
<node COLOR="#cc3300" CREATED="1304105288474" ID="ID_1323174419" MODIFIED="1304193810746" TEXT="Obtain: B Block, B Keys, copyright license, and timestamp/postmark">
<font NAME="SansSerif" SIZE="12"/>
</node>
</node>
<node CREATED="1304105268879" ID="ID_733011271" MODIFIED="1304105334909" TEXT="Verify license acceptance"/>
<node COLOR="#cc3300" CREATED="1304105338384" ID="ID_1903137052" MODIFIED="1304156279059" TEXT="Open inner box (B block)">
<node CREATED="1304105375812" ID="ID_1015834337" MODIFIED="1304105379853" TEXT="Decrypt B block key"/>
<node CREATED="1304105387666" ID="ID_1890427893" MODIFIED="1304105392037" TEXT="Decrypt B block"/>
<node COLOR="#990099" CREATED="1304105394867" ID="ID_1087729596" MODIFIED="1304156251064" TEXT="Obtain: C block"/>
<node COLOR="#0033ff" CREATED="1304105423487" ID="ID_1288206902" MODIFIED="1304156261857" TEXT="Obtain: Signatures over C block"/>
</node>
<node CREATED="1304156833650" ID="ID_877777140" MODIFIED="1304156843925" TEXT="Assertion Processing">
<node COLOR="#990099" CREATED="1304105436721" FOLDED="true" ID="ID_1751878085" MODIFIED="1304193776708" TEXT="Go through C block to find key assertions">
<node CREATED="1304105470014" ID="ID_662417755" MODIFIED="1304105531721" TEXT="Each certificate from Identity CA is really a cert chain"/>
<node CREATED="1304105536451" ID="ID_519653388" MODIFIED="1304105557668" TEXT="Identity CA key is not in local trust store"/>
<node CREATED="1304105558502" ID="ID_900913147" MODIFIED="1304105575851" TEXT="Only Identity CA certifier in local trust store"/>
<node CREATED="1304105593856" ID="ID_467035036" MODIFIED="1304105611564" TEXT="Every cert in chain is independent assertion to be verified"/>
<node CREATED="1304156081363" ID="ID_269421465" MODIFIED="1304156216153" TEXT="Every intermediate certificate and every end entity certificate"/>
</node>
<node COLOR="#990099" CREATED="1304105741160" FOLDED="true" ID="ID_933120715" MODIFIED="1304193779245" TEXT="Go through C block to find proof for key assertions">
<node CREATED="1304105770047" ID="ID_1797236709" MODIFIED="1304105858163" TEXT="Cert chain for sender certificate is chain of key proofs"/>
<node CREATED="1304105619255" ID="ID_240088850" MODIFIED="1304106589688" TEXT="Every cert in Identity CA chain has OCSP response"/>
<node CREATED="1304105863390" ID="ID_1477752360" MODIFIED="1304106555231" TEXT="Verify each cert in chain via RFC5280 rules"/>
<node CREATED="1304105947873" ID="ID_1012347023" MODIFIED="1304106004269" TEXT="Remainder must be proven in Signatures over C block"/>
<node CREATED="1304156154813" ID="ID_1796182407" MODIFIED="1304156196973" TEXT="Every intermediate certificate and every end entity certificate"/>
<node CREATED="1304156442078" ID="ID_1112294972" MODIFIED="1304156447771" TEXT="Identity Key"/>
<node CREATED="1304156451121" ID="ID_635970644" MODIFIED="1304156455922" TEXT="OCSP Response"/>
</node>
<node COLOR="#0033ff" CREATED="1304105932178" FOLDED="true" ID="ID_589283555" MODIFIED="1304193789283" TEXT="Verify Signatures over C block with remaining unproven keys">
<font NAME="SansSerif" SIZE="12"/>
<node COLOR="#338800" CREATED="1304156012816" ID="ID_637337794" MODIFIED="1304156022803" TEXT="throwaway public key (nonce)"/>
<node COLOR="#ff0000" CREATED="1304156023843" ID="ID_1165371057" MODIFIED="1304156035527" TEXT="identity key"/>
</node>
</node>
<node CREATED="1304106037667" ID="ID_399055082" MODIFIED="1304106115158" TEXT="Process non-key content in C block"/>
</node>
<node CREATED="1304054431723" ID="Freemind_Link_687032169" MODIFIED="1304155110199" POSITION="left" TEXT="Bundle Creation">
<node COLOR="#990099" CREATED="1304069265834" ID="ID_764350523" MODIFIED="1304155513425" TEXT="Create C block">
<node COLOR="#338800" CREATED="1304054438732" ID="Freemind_Link_947561676" MODIFIED="1304155873997" TEXT="throwaway public key (nonce)"/>
<node COLOR="#ff0000" CREATED="1304054453683" ID="Freemind_Link_347376874" MODIFIED="1304155771477" TEXT="Identity key"/>
<node COLOR="#ff0000" CREATED="1304054490445" ID="Freemind_Link_1312781995" MODIFIED="1304156413672" TEXT="OCSP Response">
<node CREATED="1304071883980" ID="ID_1652015621" MODIFIED="1304155567954" TEXT="Obtained when message is generated"/>
</node>
<node CREATED="1304054552793" ID="Freemind_Link_967478993" MODIFIED="1304071805099" TEXT="copyright license"/>
<node CREATED="1304069342035" ID="ID_1603037648" MODIFIED="1304069378531" TEXT="Interior Message Content"/>
<node CREATED="1304105011445" ID="ID_721555096" MODIFIED="1304155783517" TEXT="Recipient mailbox(es) public key(s)"/>
</node>
<node CREATED="1304069453069" ID="ID_1189740505" MODIFIED="1304069488674" TEXT="foreach public key asserted as belonging to sender">
<node CREATED="1304069492973" ID="ID_1220634682" MODIFIED="1304069503545" TEXT="generate independent signature over structure"/>
<node COLOR="#ff0000" CREATED="1304155846394" ID="ID_832358235" MODIFIED="1304156354033" TEXT="identity key"/>
<node COLOR="#338800" CREATED="1304156339716" ID="ID_1752393280" MODIFIED="1304156364465" TEXT="throwaway public key (nonce)"/>
</node>
<node CREATED="1304069520237" ID="ID_617439823" MODIFIED="1304070039204" TEXT="Create structure containing C block and all signatures"/>
<node COLOR="#cc3300" CREATED="1304070057398" ID="ID_708632184" MODIFIED="1307347856763" TEXT="Symmetrically encrypt B block">
<font NAME="SansSerif" SIZE="12"/>
</node>
<node CREATED="1304070105460" ID="ID_976765223" MODIFIED="1304070113562" TEXT="foreach recipient">
<node CREATED="1304070115556" ID="ID_1354775874" MODIFIED="1304070374333" TEXT="asymmetrically encrypt symmetric key B with recipient public key"/>
</node>
<node CREATED="1304070164676" ID="ID_344092933" MODIFIED="1304070173706" TEXT="Create structure containing">
<node COLOR="#cc3300" CREATED="1304070175845" ID="ID_460025236" MODIFIED="1307347863143" TEXT="Symmetrically encrypted B block"/>
<node CREATED="1304070196412" ID="ID_1397500135" MODIFIED="1304070360868" TEXT="key B as encrypted to all recipients"/>
<node CREATED="1304070250676" ID="ID_1572056447" MODIFIED="1304070255221" TEXT="copyright license"/>
<node COLOR="#cc6600" CREATED="1304072225319" FOLDED="true" ID="ID_1698365611" MODIFIED="1307347875647" TEXT="timestamp over B block">
<node CREATED="1304155590942" ID="ID_1685053816" MODIFIED="1304155596229" TEXT="functions as postmark"/>
</node>
</node>
<node COLOR="#999900" CREATED="1304070261219" ID="ID_840521921" MODIFIED="1304156300775" TEXT="Symmetrically encrypt A block"/>
<node CREATED="1304070304959" ID="ID_1654611280" MODIFIED="1304070313856" TEXT="foreach recipient">
<node CREATED="1304070316759" ID="ID_836181299" MODIFIED="1304070401568" TEXT="asymmetrically encrypt symmetric key A with recipient public key"/>
</node>
<node CREATED="1304070405042" ID="ID_345068400" MODIFIED="1304074022245" TEXT="create TBSCertificate structure (RFC5280)">
<node CREATED="1304070473049" ID="ID_1293023820" MODIFIED="1304070492391" TEXT="Extensions">
<node COLOR="#999900" CREATED="1304070427793" ID="ID_1973762126" MODIFIED="1304156303273" TEXT="Encrypted A block"/>
<node CREATED="1304070443701" ID="ID_1680805511" MODIFIED="1304070453632" TEXT="key A as encrypted to all recipients"/>
</node>
<node CREATED="1304070495356" ID="ID_200588547" MODIFIED="1304071657494" TEXT="SubjectPublicKeyInfo">
<node COLOR="#338800" CREATED="1304070506084" ID="ID_364627599" MODIFIED="1304155732132" TEXT="Throwaway (nonce) public key"/>
</node>
</node>
<node COLOR="#338800" CREATED="1304074025087" ID="ID_1174842479" MODIFIED="1304155902994" TEXT="Sign TBSCertificate with throwaway (nonce) private key"/>
</node>
<node CREATED="1304070748919" ID="ID_127551567" MODIFIED="1304156308323" POSITION="left" TEXT="References">
<node CREATED="1304071339167" ID="ID_960129120" MODIFIED="1304071352837" TEXT="IETF (freely available)">
<node CREATED="1304071228241" ID="ID_1764509706" MODIFIED="1304071242840" TEXT="RFC2045 (MIME)"/>
<node CREATED="1304071087556" ID="ID_1339362601" MODIFIED="1304071103167" TEXT="RFC3851 (S/MIME 3.1)"/>
<node CREATED="1304071104747" ID="ID_1432413466" MODIFIED="1304071128919" TEXT="RFC5751 (S/MIME 3.2)"/>
<node CREATED="1304051539380" ID="Freemind_Link_464609964" MODIFIED="1304070869409" TEXT="RFC5280 (PKIX)">
<node CREATED="1304070761318" ID="ID_1691303995" MODIFIED="1304070863925" TEXT="X.509 Certificate Structure"/>
</node>
<node CREATED="1304107051545" ID="ID_201401839" MODIFIED="1304107071165" TEXT="RFC3161 (Time Stamp Protocol)"/>
<node CREATED="1304107422307" ID="ID_1370376819" MODIFIED="1304107427964" TEXT="RFC2560 (OCSP)"/>
</node>
<node CREATED="1304071293667" ID="ID_1462505857" MODIFIED="1304071317725" TEXT="ITU (freely available)">
<node CREATED="1304071164572" ID="ID_1988660965" MODIFIED="1304071176645" TEXT="ITU X.690 (ASN.1)"/>
<node CREATED="1304071178442" ID="ID_701872498" MODIFIED="1304071193904" TEXT="ITU X.691 (BER/DER encoding)"/>
<node CREATED="1304071250685" ID="ID_916501904" MODIFIED="1304071274041" TEXT="ITU X.509 (Certificate format)"/>
</node>
<node CREATED="1304071620580" ID="ID_954939311" MODIFIED="1304071632433" TEXT="CPAN (freely available)">
<node CREATED="1304212536806" ID="ID_1499135127" MODIFIED="1304212539388" TEXT="S/MIME">
<node CREATED="1304212154581" ID="ID_640276391" MODIFIED="1304212178951" TEXT="Crypt::SMIME"/>
<node CREATED="1304212482712" ID="ID_290939416" MODIFIED="1304212484485" TEXT="Crypt::OpenSSL::SMIME"/>
<node CREATED="1304212517536" ID="ID_640655875" MODIFIED="1304212523791" TEXT="Crypt::Simple::SMIME"/>
</node>
<node CREATED="1304212566445" ID="ID_1338815011" MODIFIED="1304212571161" TEXT="X.509">
<node CREATED="1304212574457" ID="ID_640196260" MODIFIED="1304212574457" TEXT=""/>
</node>
</node>
</node>
<node CREATED="1304106217347" FOLDED="true" ID="ID_1941937548" MODIFIED="1304154989004" POSITION="left" TEXT="Protocol Parties">
<node CREATED="1304050678857" ID="Freemind_Link_213015436" MODIFIED="1304147925860" TEXT="Identity CA (non-party)">
<node CREATED="1304050685856" ID="Freemind_Link_1230234015" MODIFIED="1304148012963" TEXT="Trusted for what the Identity CA is good at">
<node CREATED="1304050691230" ID="Freemind_Link_1304779843" MODIFIED="1304107200680" TEXT="Owner of the key is owner of the identity asserted"/>
<node CREATED="1304147933681" ID="ID_516795660" MODIFIED="1304147953312" TEXT="Being very good at authenticating identity documentation"/>
<node CREATED="1304147957253" ID="ID_1067340352" MODIFIED="1304147981527" TEXT="Being very bad at communicating that authentication of identity documentation"/>
</node>
<node CREATED="1304068518585" ID="ID_624648092" MODIFIED="1304068534490" TEXT="Not limited to state identity (as Distinguished Name)"/>
<node CREATED="1304068537790" FOLDED="true" ID="ID_794193126" MODIFIED="1304143684833" TEXT="Any publicly-held register may be asserted">
<node CREATED="1304068900147" ID="ID_545719975" MODIFIED="1304068924460" TEXT="civil register"/>
<node CREATED="1304068962202" ID="ID_1838536264" MODIFIED="1304069006076" TEXT="IP numbers"/>
<node CREATED="1304068989269" ID="ID_838353264" MODIFIED="1304069012987" TEXT="DNS domain names"/>
<node CREATED="1304069038851" ID="ID_1482742600" MODIFIED="1304069062716" TEXT="state bar"/>
<node CREATED="1304069068014" ID="ID_1283861295" MODIFIED="1304069085219" TEXT="physician&apos;s license"/>
<node CREATED="1304107221853" ID="ID_10359561" MODIFIED="1304107227375" TEXT="tax records"/>
<node CREATED="1304107230998" ID="ID_1743322222" MODIFIED="1304107239159" TEXT="many many more"/>
</node>
<node CREATED="1304068776067" ID="ID_1091085357" MODIFIED="1304068784689" TEXT="No privately-held register may be asserted"/>
<node CREATED="1304068643480" FOLDED="true" ID="ID_678098269" MODIFIED="1304143687400" TEXT="Eventually needs to change its product/model">
<node CREATED="1304068655216" ID="ID_91421967" MODIFIED="1304068666592" TEXT="Enrollment must be made seamless"/>
<node CREATED="1304068666916" ID="ID_1989011207" MODIFIED="1304068688793" TEXT="Enrollment must be made non-unique"/>
<node CREATED="1304068692914" ID="ID_415845039" MODIFIED="1304068711537" TEXT="Enrollment must be made automatic"/>
<node CREATED="1304068716618" ID="ID_1462217883" MODIFIED="1304068731057" TEXT="Enrollment must be made technically secure"/>
<node CREATED="1304068741880" ID="ID_1443170973" MODIFIED="1304068762960" TEXT="Certification must be less verbose"/>
<node CREATED="1304068812534" ID="ID_557970780" MODIFIED="1304068827709" TEXT="Certification must indicate where state can look"/>
<node CREATED="1304068834155" ID="ID_1036957131" MODIFIED="1304068863559" TEXT="Certification must not include anything more than what the user needs to assert right then"/>
</node>
</node>
<node CREATED="1304143588483" FOLDED="true" ID="ID_1089412492" MODIFIED="1304147904453" TEXT="Non-Identity CA (non-party)">
<node CREATED="1304143600645" ID="ID_593075881" MODIFIED="1304143610896" TEXT="Not trusted to assert state identity availability"/>
<node CREATED="1304143614019" ID="ID_1443041944" MODIFIED="1304147317391" TEXT="Trusted by whatever community it&apos;s run for, for whatever the members of that community trust it for"/>
<node CREATED="1304147340397" ID="ID_693999942" MODIFIED="1304147398762" TEXT="Could be a professional society (IEEE member, bar association, American Academy of Surgeons)"/>
<node CREATED="1304147400920" ID="ID_304083390" MODIFIED="1304147424263" TEXT="Could be an online pseudonymous bulletin board system"/>
<node CREATED="1304147433216" ID="ID_1828549980" MODIFIED="1304147887101" TEXT="Could be a family, attempting to keep family business in the family"/>
<node CREATED="1304147468496" ID="ID_1915598034" MODIFIED="1304147507693" TEXT="Could be e.g. Blizzard, certifying the key of the player of a particular game character"/>
<node CREATED="1304147784127" ID="ID_1015598136" MODIFIED="1304147831451" TEXT="Could be e.g. Blizzard, certifying the key of a game master able to solve problems"/>
<node CREATED="1304147639033" ID="ID_544292087" MODIFIED="1304147669100" TEXT="Could be a convention planner, securing convention assets for attendees only"/>
<node CREATED="1304147724333" ID="ID_1535374774" MODIFIED="1304147762843" TEXT="All have authority to conduct their own business for their own purposes without permission"/>
</node>
<node CREATED="1304106259308" FOLDED="true" ID="ID_1346341534" MODIFIED="1304147280207" TEXT="Sender (party)">
<node CREATED="1304050710378" ID="Freemind_Link_459466692" MODIFIED="1304106474375" TEXT="Puts a chain in the payload"/>
<node CREATED="1304067684851" ID="ID_1006355409" MODIFIED="1304067694843" TEXT="Will eventually do more">
<node CREATED="1304050673063" ID="Freemind_Link_1022897214" MODIFIED="1304050678237" TEXT="User CA"/>
</node>
<node CREATED="1304106332783" ID="ID_1255046259" MODIFIED="1304106350359" TEXT="Has: Identity CA-signed key"/>
<node CREATED="1304106354694" ID="ID_696546331" MODIFIED="1304106372119" TEXT="Has: strong cryptographic capacity"/>
<node CREATED="1304106629647" ID="ID_237022341" MODIFIED="1304106636400" TEXT="Has: SMTP send capacity"/>
</node>
<node CREATED="1304106280942" FOLDED="true" ID="ID_685972620" MODIFIED="1304147282010" TEXT="Recipient (party)">
<node CREATED="1304106375600" ID="ID_1055697158" MODIFIED="1304106398540" TEXT="Has: public key">
<node CREATED="1304106401563" ID="ID_1712292045" MODIFIED="1304106410531" TEXT="Not necessarily Identity CA-signed"/>
<node CREATED="1304106413160" ID="ID_1763826732" MODIFIED="1304106432155" TEXT="Not necessarily non-IDCA-signed"/>
</node>
<node CREATED="1304106442470" ID="ID_1987651217" MODIFIED="1304106448870" TEXT="Has: strong cryptographic capacity"/>
<node CREATED="1304106639229" ID="ID_943496710" MODIFIED="1304106651557" TEXT="Has: SMTP receive capacity">
<node CREATED="1304106656892" ID="ID_1673170271" MODIFIED="1304106733315" TEXT="recipient mailbox"/>
</node>
</node>
</node>
<node CREATED="1304149870040" ID="ID_1487396324" MODIFIED="1304207617942" POSITION="right" TEXT="Background">
<node CREATED="1304149886397" ID="ID_1663817865" MODIFIED="1304149906946" TEXT="cryptographic building blocks">
<node CREATED="1304150452232" ID="ID_907993908" MODIFIED="1304150463290" TEXT="primitives">
<node CREATED="1304149910605" ID="ID_1524278128" MODIFIED="1304149922222" TEXT="secure hash algorithms">
<node CREATED="1304156883442" ID="ID_663919132" MODIFIED="1304156945449" TEXT="Deterministic means of condensing content to a fixed-length string"/>
<node CREATED="1304150078821" ID="ID_904259002" MODIFIED="1304150148315" TEXT="infeasible to find any input collision"/>
<node CREATED="1304150368076" ID="ID_1017914965" MODIFIED="1304150690249" TEXT="algorithm output can be thought of as the input&apos;s fingerprint"/>
<node CREATED="1304150703757" ID="ID_1186165169" MODIFIED="1304150746451" TEXT="outputs from different algorithms are like fingerprints from the input&apos;s different fingers"/>
</node>
<node CREATED="1304150151811" ID="ID_575389173" MODIFIED="1304150179995" TEXT="asymmetric key algorithms">
<node CREATED="1304150484052" ID="ID_1798727645" MODIFIED="1304150523199" TEXT="If something is encrypted with a public key, only its private key can decrypt it"/>
<node CREATED="1304150524812" ID="ID_1344614239" MODIFIED="1304150546037" TEXT="If something is encrypted with a private key, only its public key can decrypt it"/>
<node CREATED="1304150184895" ID="ID_411163003" MODIFIED="1304150201519" TEXT="Infeasible to find private key given public key"/>
<node CREATED="1304150220825" ID="ID_1830737044" MODIFIED="1304150304770" TEXT="asserts identity: &quot;Holder of this private key&quot;"/>
<node CREATED="1304150402061" ID="ID_1073762399" MODIFIED="1304150436702" TEXT="several orders of magnitude slower than symmetric"/>
<node CREATED="1304208381789" ID="ID_1128934217" MODIFIED="1304208410435" TEXT="Cannot be performed accidentally"/>
</node>
<node CREATED="1304150579827" ID="ID_546863121" MODIFIED="1304150594146" TEXT="symmetric key algorithms">
<node CREATED="1304150595638" ID="ID_672119150" MODIFIED="1304150624906" TEXT="same key must be at both ends, used for both encryption and decryption"/>
<node CREATED="1304150641222" ID="ID_1884028958" MODIFIED="1304150669276" TEXT="no identity asserted"/>
<node CREATED="1304150670170" ID="ID_473624626" MODIFIED="1304150795960" TEXT="1000x faster than asymmetric"/>
<node CREATED="1304150828631" ID="ID_1308203780" MODIFIED="1304154135821" TEXT="block or stream">
<node CREATED="1304154137100" ID="ID_1079072327" MODIFIED="1304154140042" TEXT="block">
<node CREATED="1304154141409" ID="ID_1791870643" MODIFIED="1304154150738" TEXT="block-handling modes"/>
<node CREATED="1304154152494" ID="ID_1139738129" MODIFIED="1304154155309" TEXT="padding"/>
</node>
<node CREATED="1304154163165" ID="ID_1757113032" MODIFIED="1304154166113" TEXT="stream">
<node CREATED="1304154170258" ID="ID_102775041" MODIFIED="1304154197653" TEXT="continuously generates a sequence of bytes that have a 1:1 correspondence with bytes in ciphertext"/>
</node>
</node>
</node>
</node>
<node CREATED="1304154238552" ID="ID_910736340" MODIFIED="1304154260123" TEXT="compounds">
<node CREATED="1304154262113" ID="ID_1938968075" MODIFIED="1304154970977" TEXT="signature algorithms">
<node CREATED="1304154461747" ID="ID_160702131" MODIFIED="1304154515647" TEXT="structure declaration">
<node CREATED="1304154271530" ID="ID_1022167474" MODIFIED="1304154287795" TEXT="input: private key"/>
<node CREATED="1304154289666" ID="ID_1421281193" MODIFIED="1304154296046" TEXT="input: plaintext"/>
<node CREATED="1304154306232" ID="ID_1555490001" MODIFIED="1304154338033" TEXT="output: signature verifiable with public key"/>
</node>
<node CREATED="1304154489021" ID="ID_445592235" MODIFIED="1304154549048" TEXT="structure construction">
<node CREATED="1304154551884" ID="ID_1539283119" MODIFIED="1304154609744" TEXT="H = hash(plaintext)"/>
<node CREATED="1304154573546" ID="ID_269627113" MODIFIED="1304154601575" TEXT="S = asymcrypt(H,privatekey)"/>
</node>
<node CREATED="1304154625954" ID="ID_1373040989" MODIFIED="1304154630329" TEXT="Additional notes">
<node CREATED="1304154632127" ID="ID_1953919307" MODIFIED="1304154660010" TEXT="DSA doesn&apos;t separate H and S"/>
</node>
</node>
</node>
</node>
<node CREATED="1304154690214" ID="ID_1578047000" MODIFIED="1304207642843" TEXT="Definitions">
<node CREATED="1304208590298" ID="ID_81018839" MODIFIED="1304208594065" TEXT="General terms">
<node CREATED="1304208849913" ID="ID_1129203644" MODIFIED="1304208957393" TEXT="payload">
<node CREATED="1304208897311" ID="ID_229960386" MODIFIED="1304209004959" TEXT="the information which has policy applied to it, outside the realm of format"/>
</node>
<node CREATED="1304208595170" ID="ID_1773939014" MODIFIED="1304208625148" TEXT="algorithm">
<node CREATED="1304208627905" ID="ID_1235945358" MODIFIED="1304208963484" TEXT="A sequence of computation which will deterministically obscure, reveal, or characterize a payload"/>
</node>
<node CREATED="1304208753369" ID="ID_1155945320" MODIFIED="1304208757376" TEXT="protocol">
<node CREATED="1304208758429" ID="ID_1518193190" MODIFIED="1304222173072" TEXT="A particular arrangement of cryptographic building blocks used to transmit trustworthy information"/>
</node>
</node>
<node CREATED="1304154952051" ID="ID_1362368262" MODIFIED="1304211922574" TEXT="Terms related to asymmetric">
<node CREATED="1304207707240" ID="ID_518083215" MODIFIED="1304207710374" TEXT="keyholder">
<node CREATED="1304207711733" ID="ID_480641700" MODIFIED="1304207820821" TEXT="entity which possesses and can use the private key to the given public key"/>
</node>
<node CREATED="1304154746245" ID="ID_1229778516" MODIFIED="1304207898532" TEXT="Action: encrypt to recipient">
<node CREATED="1304154787659" ID="ID_1985439366" MODIFIED="1304154791599" TEXT="input: recipient key"/>
<node CREATED="1304154793606" ID="ID_1151003688" MODIFIED="1304154821108" TEXT="input: message content"/>
<node CREATED="1304154835709" ID="ID_330370974" MODIFIED="1304154845815" TEXT="output: tuple">
<node CREATED="1304154847385" ID="ID_1504921895" MODIFIED="1304154860589" TEXT="symmetrically-encrypted content"/>
<node CREATED="1304154865392" ID="ID_1174611899" MODIFIED="1304208013788" TEXT="content key as asymmetrically encrypted to recipient"/>
<node CREATED="1304208038184" ID="ID_660377857" MODIFIED="1304208051732" TEXT="content key as asymmetrically encrypted to recovery keys"/>
<node CREATED="1304207945028" ID="ID_1946283369" MODIFIED="1304207959742" TEXT="non-encrypted content key"/>
</node>
</node>
</node>
</node>
<node CREATED="1304157019059" ID="ID_1626788065" MODIFIED="1304157048648" TEXT="ITU Building Blocks">
<node CREATED="1304157124971" ID="ID_859253446" MODIFIED="1304157161970" TEXT="X.509 (signature chain format)">
<node CREATED="1304157186980" ID="ID_556336693" MODIFIED="1304208465832" TEXT="Amazingly overengineered but rock-solid spec"/>
<node CREATED="1304158459045" ID="ID_1990760190" MODIFIED="1304158547199" TEXT="Specifies how to encode the choice of algorithm"/>
<node CREATED="1304158556460" ID="ID_218730552" MODIFIED="1304158600194" TEXT="Specifies how to encode information to bind to the key"/>
<node CREATED="1304158605036" ID="ID_1986608704" MODIFIED="1304158658555" TEXT="Specifies the semantics of -every- aspect of the data structure"/>
</node>
<node CREATED="1304157130071" ID="ID_573126585" MODIFIED="1304157144601" TEXT="X.690/X.691 (ASN.1/BER/DER)">
<node CREATED="1304158824112" ID="ID_821397283" MODIFIED="1304158858511" TEXT="ASN.1: structure definition language"/>
<node CREATED="1304157250900" ID="ID_1736347661" MODIFIED="1304158877262" TEXT="BER specifies encoding of ASN.1-specified structures"/>
<node CREATED="1304158664248" ID="ID_1050205519" MODIFIED="1304158920378" TEXT="DER (subset of BER) specifies deterministic encoding rules for ASN.1"/>
</node>
</node>
<node CREATED="1304155005809" ID="ID_876931399" MODIFIED="1304157061048" TEXT="IETF Building Blocks">
<node CREATED="1304155047870" ID="ID_839436853" MODIFIED="1304155064333" TEXT="PKIX (profile of ITU X.509)">
<node CREATED="1304157401397" ID="ID_188162397" MODIFIED="1304157420296" TEXT="Solely defined as an identity certificate format"/>
<node CREATED="1304157423613" ID="ID_716598390" MODIFIED="1304157452568" TEXT="Provides a reference for the X.509 structure in a pinch, though"/>
</node>
<node CREATED="1304155069348" ID="ID_842498502" MODIFIED="1304155102722" TEXT="Online Certificate Status Protocol (OCSP)">
<node CREATED="1304157658727" ID="ID_1483714367" MODIFIED="1304158224987" TEXT="Answers question: Has the given certificate been revoked as of the current time?"/>
<node CREATED="1304157691429" ID="ID_1712836125" MODIFIED="1304157701881" TEXT="Does not indicate if certificate was ever issued"/>
<node CREATED="1304158111053" ID="ID_1218056919" MODIFIED="1304158164328" TEXT="Originating CA operates service"/>
<node CREATED="1304159047568" ID="ID_751225058" MODIFIED="1304159075415" TEXT="Sender obtains OCSP for own chains"/>
</node>
<node CREATED="1304155077172" ID="ID_1522901448" MODIFIED="1304155084950" TEXT="Time Stamp Protocol">
<node CREATED="1304157713608" ID="ID_1840733882" MODIFIED="1304158300040" TEXT="Obtains a statement that the given content hash was claimed to exist at this particular time"/>
<node CREATED="1304157799268" ID="ID_1067466379" MODIFIED="1304157817095" TEXT="Does not send content to time stamp server"/>
<node CREATED="1304157826927" ID="ID_1651454157" MODIFIED="1304158044760" TEXT="Idea is, if hash collisions are difficult to engineer, then it&apos;s equally difficult to match any arbitrary and fraudulent one -- so fraudulent hash claims are worthless"/>
</node>
</node>
<node CREATED="1304208539325" ID="ID_1356330227" MODIFIED="1304208564145" TEXT="Current Players">
<node CREATED="1304222327856" ID="ID_1749133134" MODIFIED="1304222331362" TEXT="CA/B Forum">
<node CREATED="1304222336895" ID="ID_1773780300" MODIFIED="1304222346056" TEXT="Certification cartel"/>
<node CREATED="1304222365056" ID="ID_678675876" MODIFIED="1304222374827" TEXT="Will not police its own members"/>
<node CREATED="1304222381982" ID="ID_289998284" MODIFIED="1304222388946" TEXT="Will not ensure regulatory compliance"/>
<node CREATED="1304211941655" ID="ID_443604269" MODIFIED="1304211948654" TEXT="Identity CAs">
<node CREATED="1304222358071" ID="ID_42359978" MODIFIED="1304222364174" TEXT="Will not change their businesses"/>
</node>
<node CREATED="1304211952520" ID="ID_1144086558" MODIFIED="1304211955157" TEXT="Browsers"/>
</node>
<node CREATED="1304211955901" ID="ID_302766938" MODIFIED="1304222208723" TEXT="Non-Browser Identity CA consumers"/>
<node CREATED="1304211967283" ID="ID_1034798333" MODIFIED="1304211974298" TEXT="Site Developers"/>
<node CREATED="1304211975304" ID="ID_1514731114" MODIFIED="1304211984174" TEXT="Innocent Victim Businesses"/>
</node>
</node>
</node>
</map>
